Cyber Policy and Strategy Planner
Work Role ID: OV-SPP-002
Develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
Category: Oversee and Govern
Specialty Area: Strategic Planning and Policy
Abilities
- A0003: Ability to determine the validity of technology trend data.
- A0033: Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
- A0037: Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
Knowledge
- K0001: Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004: Knowledge of cybersecurity and privacy principles.
- K0005: Knowledge of cyber threats and vulnerabilities.
- K0006: Knowledge of specific operational impacts of cybersecurity lapses.
- K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- K0127: Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).
- K0146: Knowledge of the organization's core business/mission processes.
- K0168: Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
- K0234: Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation).
- K0248: Knowledge of strategic theory and practice.
- K0309: Knowledge of emerging technologies that have potential for exploitation.
- K0311: Knowledge of industry indicators useful for identifying technology trends.
- K0313: Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).
- K0335: Knowledge of current and emerging cyber technologies.
- K0624: Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
Skills
- S0176: Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
- S0250: Skill in preparing plans and related correspondence.
Tasks
- T0074: Develop policy, programs, and guidelines for implementation.
- T0094: Establish and maintain communication channels with stakeholders.
- T0222: Review existing and proposed policies with stakeholders.
- T0226: Serve on agency and interagency policy boards.
- T0341: Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
- T0369: Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
- T0384: Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.
- T0390: Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.
- T0408: Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
- T0425: Analyze organizational cyber policy.
- T0429: Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
- T0441: Define and integrate current and future mission environments.
- T0445: Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan.
- T0472: Draft, staff, and publish cyber policy.
- T0505: Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
- T0506: Seek consensus on proposed policy changes from stakeholders.
- T0529: Provide policy guidance to cyber management, staff, and users.
- T0533: Review, conduct, or participate in audits of cyber programs and projects.
- T0537: Support the CIO in the formulation of cyber-related policies.